
Re: Is this mail list dead?



On Sat, Mar 17, 2001 at 02:33:54AM +0300, Pedro Rosa wrote:
> Cool. I AGREE Linux is getting a horrible reputation. But I would prefer
> a solution a-la OpenBSD rather than seeing a dubious security scheme 
> being implemented as a major feature all over the kernel and getting 
> into all distros. Note: I have NOTHING against C2 or its successor. What 

How is a solution a-la OpenBSD going to make Linux any more secure? We
can't just use OpenBSD in situations where we need security. EVERY
computer needs security. From computers at the Pentagon to computers in
your bedroom. Unless you meant that Linux should be audited as well as
OpenBSD. That's a great idea but it's a lot of work and Linux evolves way
too quickly. Software in general desperately needs a way to prevent
inevitable implementation bugs from becoming major security holes. As long
as new software is being written new bugs will continue to appear. We need
a system to help mitigate that risk. How is SE Linux (assuming it
continues to mature and becomes suitable to the task) a dubious security
scheme?

> I consider erroneous is to implement C2 inside the main trend. That will 
> surely give birth to distros and builds on which security is WRONG from 
> the very start. Because people will concentrate their ideas and efforts 

C2 security is wrong? How so?

> I am speaking about this because I did see a completely stupid C2 
> implementation. And one of the actors of the comedy is me... In fact I 
> even directed the second act... That was a lesson: NEVER use a common 
> security conception just because it's right on your desk... Or someone 
> likes it...

I don't understand. You implemented C2 stupidly? Why?

> Anyway, I think that, with the present way things are added to the 
> kernel, we will not get anything good. I believe security should keep 
> out of the main kernel makings (only a very small "supporting" set 
> should be in it). But the traditional "patching" methods are getting too 
> square and too straight to produce a good "secured" kernel version. I 
> believe this is where the real security conceptions should start to see 
> the kernel...

I strongly disagree. The kernel desperately needs security. People don't
have to use it or compile it in. But it must be there. I'd love to see
more support in hardware for security too but industry and the general
public don't seem to care much about security so I don't anticipate that
happening any time soon.

-- 
Tracy Reed      http://www.ultraviolet.org
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/